Today companies and organizations communicate with their customers and other parties via the Internet to an ever-increasing extent. In these situations, the companies and organizations need to ensure that a specific party is the same party they communicated with on an earlier occasion.
One way to ensure this is to provide the communication party with a code or a user name and password. If a person is able to replicate the code on a later occasion, this replication is considered to be an indication that it is the same person who previously received the code.
The use of codes or passwords as authenticating means has the disadvantage that there is a risk that an unauthorized person acquires these authenticating means. In today's society, people also need to learn and memorize codes to an ever-increasing extent, e.g. to use various services on the Internet or to use credit cards. This fact increases the risk that people will start to write down codes, making them easier for other people to acquire. It also makes these solutions less user-friendly, since it becomes considerably harder for people to remember all the codes. There is also a risk that so-called brute-force attacks or dictionary-based attacks are used to find out and acquire passwords.
In many situations, code- or password-based solutions are hence considered insufficient. Instead, there is a need to introduce another mechanism which the communication party can control and which is more secure yet easy to use. Hence, the following features are desirable for such a mechanism:

- The user is able to protect authenticating means, e.g. passwords, from being stolen.
- A possible theft of authenticating means is easily discovered.
- The effect of a possible theft of authenticating means can be reduced, e.g. through a procedure of revoking the authenticating means.
- It should be easy for companies to start using the mechanism on a wide basis, e.g. as a means for administering the communication with a great number of communication parties.
- The mechanism should be easy to use and straightforward from a user perspective.

There are currently available solutions that meet these requirements to some degree. One example is the usage of card-based certificates, based on Public Key Infrastructure, PKI, as a tool for identification. A card-based certificate can be protected. A stolen certificate may easily be identified. If it is stolen, it may be revoked. However, the card-based technology requires an infrastructure that is not yet widely spread, as well as being relatively complex to implement to any greater extent.
An alternative is to use file-based certificates based on Public Key Infrastructure. These are more widely spread than card-based certificates, but are still considered by many not to be sufficiently spread and available to citizens and consumers.